Tickets tab

The BMC Defender Server Tickets facility provides the highest level of message correlation by creating actionable incidents in a traditional incident management framework. The Alerts and Patterns facilities open the tickets automatically. These tickets are assigned to either registered BMC Defender Server users or user-defined ticket groups.

The following figure displays the Tickets tab and its subtabs:

The Tickets tab includes subtabs (Opened and Closed) to display the open and closed tickets. The Opened tab displays a list of open tickets that represent the highest level of correlation available on the system. You can edit, close, or delete these tickets. You can also create tickets manually, annotate tickets, and assign these tickets to different users. Each user (including users with System Access set to Disabled) can receive tickets, which can exist strictly to classify ticket data. An administrator can configure specific programs that automatically run when tickets are opened or closed.

After you close a ticket, the system does not delete the ticket. Instead, the ticket is displayed on the Closed tab as a record of the incident. Preserving the ticket activity on the system might be helpful for regulatory compliance, such as PCI DSS, HIPAA, and SOX. 

On the Actions tab, you can define ticket action to run specific programs when tickets are opened or closed. The Actions tab is similar to Correlation Actions but operates independently of correlation actions, such as sending an email or providing other notifications when tickets are opened or modified. 

As an administrator, you can perform the following tasks on the Config tab:

• Configure ticket groups
• Close, reassign, or delete tickets on the system
• Limit the number and type of tickets being opened on the system
• Reduce the number of notifications that are sent, especially during the selected times and days of the week

This section provides information about the following topics: